Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
818 views
in Technique[技术] by (71.8m points)

security - Java applet stopped working after update to JRE 7u21

My java applet stopped working once JRE was updated to 7u21.

Short summary:

  • The Exceptions I get are: netscape.javascript.JSException and
    java.lang.NoClassDefFoundError. the applet worked fine until JRE 7u21.

  • The applet is embedded in a web page using Oracle's DeployJava.js.

  • The applet is signed, it uses LiveConnect to fire events, it access USB and serial ports through JNI, it uses code from multiple JAR files.

  • The failure happens on all desktop browsers tested (Firefox, chrome, IE8/9 and Safari on Mac).

Details:

  • I have a java applet that allows my website to communicate with a USB device.

  • The applet has been working well for the past year.

  • Once JRE7 update 21 was released - the applet stopped working.

  • The applet is hosted in a web page (ASP.NET) using Oracle's DeployJava.js library.

  • It uses LiveConnect to raise events back to my javascript code.

The first problem I had on JRE 7u21 was an exception on the first attempt to raise an event through LiveConnect:

netscape.javascript.JSException: JavaScript error while calling "_notify"
at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
at <myapplet>.fireJavascriptEvent(Unknown Source)
at <myapplet>$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.asec.easypark.applets.HomeloadingApplet.start(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.start(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

in order to mitigate this problem I added the following line to 'manifest' section in the ant script for the applet:

attribute name="Trusted-Library" value="true" 

I built the applet using JDK 7u21 and it seemed to help:

after that I started getting another error - so I believe this one was solved, but it may have caused the next problem.

the second problem is this: the applet is calling code from several JAR files. on the first call to code in another JAR file (not that of the applet) fails with the following exception:

**java.lang.NoClassDefFoundError**: com/codeminders/hidapi/HIDManager
    at <PackageInSecondJar>.communication.HIDTransmitter.open(Unknown Source)
    at <PackageInSecondJar>.communication.HIDTransmitterSearcher.find(Unknown Source)
    at <PackageInSecondJar>.communication.CompositeTransmitterSearcher.find(Unknown Source)
    at <PackageInAppletJar>.communication.AppletCommunicationBroker.setupDeviceProxy(Unknown Source)
    at <PackageInAppletJar>.communication.AppletCommunicationBroker.setup(Unknown Source)
    at <PackageInAppletJar>.<TheApplet>$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at <PackageInAppletJar>.<TheApplet>.start(Unknown Source)
    at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.start(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

I already tried the following measures - without success:

  • add HTTP header 'Cache-Control' = 'no-cache'

  • add HTTP header 'Cache-Control' = 'no-cache, no-store, must-revalidate'

  • use latest DeployJava.js from http://java.com/js/deployJava.txt (after renaming to .js)

The applet already has these features:

  • mark security ‘all-permissions’ in jnlp

  • the main JAR is signed with certificate from an external CA

  • the applet code is running inside a AccessController.doPrivileged block.

I'm a java newbie so please don't disregard the obvious solutions...

Thanks in advance for your help,

Guy.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Bailey S is right.Make sure that java can see that jar file.If you're using linux,set the path in /etc/environment path variable or in windows,just right click on my computer,go to properties,environment variables and set path there


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...